<%#
kind: snippet
name: remote_execution_ssh_keys
model: ProvisioningTemplate
snippet: true
%>
# SSH keys setup snippet for Remote Execution plugin
#
# Parameters:
#
# remote_execution_ssh_keys: public keys to be put in ~/.ssh/authorized_keys
#
# remote_execution_ssh_user: user for which remote_execution_ssh_keys will be
#                            authorized
#
# remote_execution_create_user: create the user if it does not already exist
#
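# remote_execution_effective_user_method: method to switch from ssh user to
#                                         effective user; when set to 'sudo'
#                                         and the ssh user is not root, that
#                                         user is granted passwordless sudo
#                                         to run any command as root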
#
# This template sets up SSH keys in any host so that as long as your public
# SSH key is in remote_execution_ssh_keys, you can SSH into a host. This 
# works in combination with Remote Execution plugin by querying smart proxies
# to build an array.
#
# To use this snippet without the plugin, provide the SSH keys as the host
# parameter remote_execution_ssh_keys. It expects the same format as the
# authorized_keys file.


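<% if !host_param('remote_execution_ssh_keys').blank? %>
<% ssh_user = host_param('remote_execution_ssh_user') || 'root' %>

# Install the Remote Execution public keys for the SSH user (root unless
# remote_execution_ssh_user is set).
# NOTE(review): the user name is rendered into this script unquoted, so
# remote_execution_ssh_user has to be a plain account name.
user_exists=false
getent passwd <%= ssh_user %> >/dev/null 2>&1 && user_exists=true

<% if ssh_user != 'root' && host_param_true?('remote_execution_create_user') -%>
# The account is created only when remote_execution_create_user is true and
# the user is not root.
if ! $user_exists; then
  useradd -m <%= ssh_user %> && user_exists=true
fi
<% end -%>

if $user_exists; then
<% ssh_path = "~#{ssh_user}/.ssh" %>

  mkdir -p <%= ssh_path %>

  # The heredoc delimiter is quoted so the shell copies the key text verbatim:
  # a "$" or backtick inside a key line (for example in a key option) is not
  # expanded or executed while this script runs. Keys are appended, so any
  # entries already present in authorized_keys are kept.
  cat << 'EOF' >> <%= ssh_path %>/authorized_keys
<%= host_param('remote_execution_ssh_keys').is_a?(String) ? host_param('remote_execution_ssh_keys') : host_param('remote_execution_ssh_keys').join("\n") %>
EOF

  # sshd's default StrictModes check refuses keys kept in group- or
  # world-writable paths, hence the tight modes and the ownership fix.
  chmod 0700 <%= ssh_path %>
  chmod 0600 <%= ssh_path %>/authorized_keys
  chown -R <%= "#{ssh_user}:" %> <%= ssh_path %>

  # Restore SELinux context with restorecon, if it's available:
  command -v restorecon && restorecon -RvF <%= ssh_path %> || true
  
<% if ssh_user != 'root' && host_param('remote_execution_effective_user_method') == 'sudo' -%>
<% if @host.operatingsystem.family == 'Redhat' || @host.operatingsystem.family == 'Debian' -%>
# Grants the SSH user passwordless sudo for every command as root, without
# requiring a tty. sudo skips drop-in files whose name contains a "." or ends
# in "~", so a user name of that shape would leave this rule inactive.
echo "<%= ssh_user %> ALL = (root) NOPASSWD : ALL
Defaults:<%= ssh_user %> !requiretty" > /etc/sudoers.d/<%= ssh_user %>
# Set the drop-in to mode 0440 rather than leaving it at whatever the
# provisioning umask produced.
chmod 0440 /etc/sudoers.d/<%= ssh_user %>
<% elsif @host.operatingsystem.family == 'Suse' -%>
# Same passwordless rule, with targetpw turned off for this user. It is
# appended to the main sudoers file, so running the rendered script again
# adds the lines again.
echo "<%= ssh_user %> ALL = (root) NOPASSWD : ALL
Defaults:<%= ssh_user %> !targetpw" >> /etc/sudoers
<% end -%>
<% end -%>
else
  echo 'The remote_execution_ssh_user does not exist and remote_execution_create_user is not set to true.  remote_execution_ssh_keys snippet will not install keys'
fi
<% end %>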
